
Don't try to invalidate a session ID of an empty string

    • Type: Suggestion
    • Resolution: Fixed
    • 2.8.3

      Since CWD-4271, deleting an empty session token results in invalidating all sessions. As this was never an expected value, specifically check for it and fail locally.

      At the same time, check for cases that are calling this conditionally on having a session token and ensure they don't treat it as something that can be invalidated.
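
The guard described above, as an added Java sketch that is not Crowd's code: `SessionStore`, `invalidateUnchecked`, `invalidate` and `logout` are hypothetical names. The prefix match in the unchecked path is an assumed stand-in for however the real backend came to treat an empty token as matching every session.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class EmptyTokenGuard {
    // Hypothetical in-memory store, not Crowd's API.
    static class SessionStore {
        private final Map<String, String> sessions = new ConcurrentHashMap<>();

        void create(String token, String user) { sessions.put(token, user); }
        int size() { return sessions.size(); }

        // "Before": assumed prefix match, so "" matches every key and wipes the store.
        int invalidateUnchecked(String token) {
            int before = sessions.size();
            sessions.keySet().removeIf(k -> k.startsWith(token));
            return before - sessions.size();
        }

        // "After": reject null or blank tokens locally, before the backend is touched.
        int invalidate(String token) {
            if (token == null || token.trim().isEmpty()) {
                throw new IllegalArgumentException("session token must not be empty");
            }
            return sessions.remove(token) != null ? 1 : 0;
        }
    }

    // Caller side: an anonymous request has no token, so there is nothing to invalidate.
    static boolean logout(SessionStore store, String tokenFromCookie) {
        if (tokenFromCookie == null || tokenFromCookie.trim().isEmpty()) {
            return false;
        }
        return store.invalidate(tokenFromCookie) == 1;
    }

    public static void main(String[] args) {
        SessionStore store = new SessionStore();
        store.create("tok-alice", "alice"); // constructed sample tokens
        store.create("tok-bob", "bob");
        System.out.println("anonymous logout invalidated a session: " + logout(store, ""));
        System.out.println("sessions left: " + store.size());
        try {
            store.invalidate("");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected locally: " + e.getMessage());
        }
        System.out.println("unchecked path removed: " + store.invalidateUnchecked(""));
    }
}
```

The caller-side check and the store-side check are deliberately redundant: the first keeps anonymous logouts quiet, the second stops any caller that forgets the check from reaching the backend with an empty token.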

            [CWD-4342] Don't try to invalidate a session ID of an empty string

            Katherine Yabut made changes -
            Workflow Original: JAC Suggestion Workflow [ 3388306 ] New: JAC Suggestion Workflow 3 [ 3630262 ]
            Status Original: RESOLVED [ 5 ] New: Closed [ 6 ]
            Monique Khairuliana (Inactive) made changes -
            Workflow Original: Simplified Crowd Development Workflow v2 [ 1393364 ] New: JAC Suggestion Workflow [ 3388306 ]
            Issue Type Original: Improvement [ 4 ] New: Suggestion [ 10000 ]
            vkharisma made changes -
            Link New: This issue is related to JRACLOUD-43151 [ JRACLOUD-43151 ]
            Owen made changes -
            Workflow Original: Crowd Development Workflow v2 [ 857843 ] New: Simplified Crowd Development Workflow v2 [ 1393364 ]
            Ferd made changes -
            Remote Link New: This issue links to "Page (Extranet)" [ 143465 ]
            David Black made changes -
            Link New: This issue is related to JRA-41559 [ JRA-41559 ]
            Earl McCutcheon made changes -
            Link New: This issue relates to JRA-43968 [ JRA-43968 ]

            Kevin Leicht added a comment - This started affecting us yesterday. CROWD is a system integration and I don't see any way of disabling it. It is a huge problem for our users, as our developers and sysadmins are in jira all through the day. Waiting for the 'next release' is really not an option for us. I need a workaround.
            Sunny Kalsi [Atlassian] made changes -
            Remote Link New: This issue links to "Page (Extranet)" [ 103928 ]

            Joe Clark added a comment - - edited

            I think the fix version on this issue is set incorrectly - the related commit, #2c5593c3 does not appear to exist in any released tag or branch.

            jwalton - could you fix this up please? Also I think the impact of this bug might be nastier than originally estimated. This will affect anyone using the CrowdSSOAuthenticator in Confluence/JIRA. I haven't set up a Crowd + JIRA environment to test with, but I'm pretty sure any action in Conf/JIRA that attempts to do a Seraph logout on an anonymous user will trigger this behaviour, resulting in everyone being logged out.

            Once the fixed version of Crowd is available, tickets will need to be created to update the shipped Crowd version in Conf/JIRA.


              jwalton joe